Re: HTTPS 2.0 without TLS extension?

Michael Sweet <msweet@apple.com> Sun, 28 July 2013 12:14 UTC

Cc: William Chan (陈智昌) <willchan@chromium.org>, Zhong Yu <zhong.j.yu@gmail.com>, HTTP Working Group <ietf-http-wg@w3.org>
From: Michael Sweet <msweet@apple.com>
Date: Sun, 28 Jul 2013 08:12:24 -0400
To: Eliot Lear <lear@cisco.com>
Archived-At: <http://www.w3.org/mid/C8157F95-D9F1-4E0A-BA29-733A0DE4A3E5@apple.com>

... and don't forget some of the more obscure uses of HTTP, such as HTTP over USB in the USB-IF's IPP USB Specification:

    http://www.usb.org/developers/devclass_docs

There isn't much point in using TLS over USB (and a lot of cost issues for that class of printer against it), and we need to continue to use the same USB end points/interfaces, so upgrade remains an important feature of HTTP/2.0 for me/Apple...


Sent from my iPad

On 2013-07-28, at 12:46 AM, Eliot Lear <lear@cisco.com> wrote:

> 
> On 7/23/13 7:34 PM, William Chan (陈智昌) wrote:
>> FWIW, it seems reasonable to me to have the spec allow HTTPS 2.0 without TLS extension. If you want to Upgrade, be my guest. I have no plans for my browser to support that, and I don't think Google servers will support it either, because we care strongly about the advantages of TLS-ALPN vs Upgrade.
> 
> Not only that, I don't think we can reasonably call this HTTP 2.0 if we have no path to do it in the clear.